﻿using System;
using System.Collections.Generic;
using System.Data.SqlClient;
using System.Linq;
using System.Security.Cryptography;
using System.Web;
using System.Web.Configuration;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class Home : System.Web.UI.MasterPage
{
    protected void Page_Load(object sender, EventArgs e)
    {
        Error.Visible = false;
    }
    protected void Button1_Click(object sender, EventArgs e)
    {
        if (txtUser.Text == "")
        {
            txtUser.Focus();
        }
        if (txtPassword.Text == "")
        {
            txtPassword.Focus();
        }
        if (!RadioButton1.Checked && !RadioButton2.Checked)
        {
            Error.Text = "Please choose member type!";
            Error.Visible = true;
        }
        else if (RadioButton1.Checked)
        {
            String connect = WebConfigurationManager.ConnectionStrings["ConnectDatabase"].ToString();
            SqlConnection sqlConnect = new SqlConnection(connect);
            sqlConnect.Open();
            SqlCommand sqlCommand = new SqlCommand("Select *From AdminLogin", sqlConnect);
            SqlDataReader Reader = sqlCommand.ExecuteReader();

            while (Reader.Read())
            {
                if (Reader.GetString(0).Equals(txtUser.Text))
                {
                    if (Reader.GetString(1).Equals(txtPassword.Text))
                    {
                        Session["userNameAdmin"] = Reader.GetString(0);
                        Login.InnerText = Session["userNameAdmin"].ToString();
                        Response.Redirect("../Admin/Admin.aspx");
                        return;
                    }
                }
            }
            Error.Text = "Username and password is invalid!";
            Error.Visible = true;
        }
        else if (RadioButton2.Checked)
        {
            String connect = WebConfigurationManager.ConnectionStrings["ConnectDatabase"].ToString();
            SqlConnection sqlConnect = new SqlConnection(connect);
            sqlConnect.Open();
            SqlCommand sqlCommand = new SqlCommand("Select * From  EmpRegister where UserName=@userName", sqlConnect);
            sqlCommand.Parameters.AddWithValue("@userName", txtUser.Text);

            SqlDataReader Reader = sqlCommand.ExecuteReader();

            while (Reader.Read())
            {
                if (Reader.GetString(6).Equals(txtUser.Text))
                {
                    if (this.DecryptString(Reader.GetString(7).Replace(" ","+"),"Password").Equals(txtPassword.Text))
                    {
                        Session["userNameEmployee"] = Reader.GetString(6);
                        Login.InnerText = Session["userNameEmployee"].ToString();
                        Response.Redirect("../Employee/Employee.aspx");
                        return;
                    }
                }
            }
            Error.Text = "Username and password is invalid!";
            Error.Visible = true;
        }
        ModalPopupExtender1.Show();
    }

    public string DecryptString(string Message, string Passphrase)
    {
        byte[] Results;
        System.Text.UTF8Encoding UTF8 = new System.Text.UTF8Encoding();
        MD5CryptoServiceProvider HashProvider = new MD5CryptoServiceProvider();
        byte[] TDESKey = HashProvider.ComputeHash(UTF8.GetBytes(Passphrase));
        TripleDESCryptoServiceProvider TDESAlgorithm = new TripleDESCryptoServiceProvider();
        TDESAlgorithm.Key = TDESKey;
        TDESAlgorithm.Mode = CipherMode.ECB;
        TDESAlgorithm.Padding = PaddingMode.PKCS7;
        byte[] DataToDecrypt = Convert.FromBase64String(Message);

        try
        {
            ICryptoTransform Decryptor = TDESAlgorithm.CreateDecryptor();
            Results = Decryptor.TransformFinalBlock(DataToDecrypt, 0, DataToDecrypt.Length);
        }
        finally
        {
            TDESAlgorithm.Clear();
            HashProvider.Clear();
        }
        return UTF8.GetString(Results);
    }
}
